<?php
/*
    Authors and license
*/

include_once(dirname(__FILE__).'/../libraries/security.php');

if(isset($_SESSION['logged'])) // user already logged in?
{
	if(isset($_GET['logout']) && $_GET['logout'] == 'true') // checking if user want to logout
	{
		session_destroy();
		echo '<meta http-equiv="Refresh" content="0; url=./" />'; // refreshing content
	}
	include_once(dirname(__FILE__).'/user/panel.php');
}
else
{
	if(isset($_POST['login_sent']) && $_POST['login_sent'] == 'yes') // checking if user already filled login form
	{
		$pepper = codepass($_POST['password']); // adding hash to password
		$login = clear($_POST['login']); // clearing to prevent SQL Injection
		
		$result = mysql_query("SELECT Password FROM Users WHERE Login='$login'")
			or die("Error in database!");
				
		$row = mysql_fetch_array($result);
		$salt = $row['Password']; // password from database is also hashed
			
		if($salt == $pepper) //hashes same = passwords same
		{
			sleep(1); //Anti brute force sleep for 1 second

			$result = mysql_query("SELECT * FROM Users WHERE Login='$login'")
				or die("Error in database!");
			
			$row = mysql_fetch_array($result);
			$_SESSION['access'] = $row['Access'];
			$_SESSION['id'] = $row['Id'];
								
			$_SESSION['logged'] = true;		
			echo '<meta http-equiv="Refresh" content="0;" />'; // refreshing content
		} 
		else 
		{
			sleep (1); //Anti brute force sleep for 1 second
			printLoginForm($lang_login, $lang_password, $lang_register, $lang_lostpassword);
		}			
	}
	else
	{
		printLoginForm($lang_login, $lang_password, $lang_register, $lang_lostpassword);
	}
}

?>